-
Notifications
You must be signed in to change notification settings - Fork 66
Fetching blocks for memos should not reveal what tx's a user is receiving #59
Comments
Updated to reflect this discussion here: https://github.com/zcash/zcash-android-wallet/issues/166 |
Option 2 should be very straight forward to implement as a setting. On the mobile side, I'd estimate that as an hour of work because it basically boils down to reverting to how things used to work before "enhancing" transactions with memos was a thing.
Also: |
Do you think "connect to the P2P network to fetch memos" should be included in this list, since it has been discussed a bit? |
Yeah, if fetching and parsing all blocks is an option, sure.
(Or if full nodes can support PIR)
… On Oct 1, 2020, at 7:53 PM, Kevin Gorham ***@***.***> wrote:
Do you think "connect to the P2P network to fetch memos" should be included in this list, since it has been discussed a bit?
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub <#59 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AABUFLR75XJI256E4WQWVITSIUI6LANCNFSM4SA2EAEA>.
|
The skepticism I've heard around connecting to the p2p network is that we don't know what kind of attacks that exposes the user to. I believe @defuse expressed this concern. |
Right now, a malicious lightwalletd, or anyone that can view a lightwalletd's network activity, can link transactions to a given recipient. This could be used to deanonymize a user, by linking them a to a transaction for which their identity is known. Here are some options.
Option 3 is probably the easiest, but it's not ideal for the wallet developer, since they won't be able to rely on zecwallet-light-cli for state anymore, since they'll have to store their own state for transactions and memos, and make sure this matches the state provided by zecwallet-light-cli.
I'd say option 2 or 4 is the best place to start. Interested to hear more about this.
The text was updated successfully, but these errors were encountered: